& Lt; TCP/IP details volume 1 & gt; Reading Notes (2) -- ip layer sharing (ICMP)

This time, the "protocol" field in the ip header will be used separately. As shown in the preceding figure, all TCP, UDP, ICMP, and IGMP data are transmitted in ip datagram format. TCP and UDP data packets are delivered to the upper layer, that is, the application layer. ICMP and IGMP messages are processed by the TCP/IP protocol module and are not paid to the user application layer.

1. ICMP: Internet Control Packet Protocol

ICMP packets are transmitted inside the ip datagram. the basic format of the ICMP packet is as follows except for the ip header:

Some icmp messages are used for query, and some icmp messages are used for error reporting. For various types of icmp packets, see:

The processing of ICMP error messages and ICMP Query Packets is different. When an ICMP error message is responded, another ICMP error message will never be generated. When an ICMP error message is sent, the packet always contains the first eight bytes of the IP address header and the IP datagram that generates the ICMP error message. In this way, the module that receives an ICMP error message will associate it with a specific protocol (based on the protocol field in the IP datagram header) and user process (based on the TCP or UDP port number in the first eight bytes of the IP datagram ).

The following situations do not cause ICMP error packets:

(1) ICMP error packets (but ICMP Query Packets may generate ICMP error packets)

(2) the destination address is the IP datagram of the broadcast address or multicast address.

(3) As a datagram for Link Layer broadcast

(4) It is not the first IP segment.

(5) the source address is not a datagram of a single host.

 

2. ICMP Query Packets

The Query Packets mentioned in the list, including echo response/request, router announcement/request, Timestamp Request/response, and Address Mask Request/response... this book is basically an introduction.

The first is the Subnet Mask Request/response packet, which is used by the diskless system to obtain its own subnet mask during the boot process. The system broadcasts its ICMP request packets in the following format:

The identifier and Serial Number Fields in ICMP packets are set by the sender. These values are returned in the response, so that the sender can match the response with the request.

The ICMP timestamp request allows the system to query the current time from another system. The recommended value returned is the number of milliseconds since midnight. The Coordinated Universal Time (UTC) provides a millisecond-level resolution. The message format is as follows:

The requester fills in the initiation timestamp, the responding system fills in the receipt timestamp when receiving the request message, and the sending timestamp when sending the response. The positions of each item on the time line are as follows:

Echo Request/response refers to the packets used by ping programs. The purpose of ping is to test whether another host is reachable. The program sends an ICMP echo request packet to the host and waits for the response to the ICMP echo. Most TCP/IP implementations directly support the ping server in the kernel (you can also disable this server). The format of ICMP Echo Request/response packets is as follows:

As mentioned above, there is a record route option in the IP option. The ping program can add the Record Route Option in the ip datagram header by adding the-r command, each router that processes the datagram puts its IP address in the option field. When the datagram arrives at the destination end, the IP address list should be copied to the ICMP echo response, in this way, the router address on the way back is added to the list. However, the ip packet header only has 40 bytes to store the RR option. The general format of the RR option is as follows:

Code is a byte that specifies the type of the ip Option. For the RR option, its value is 7, len is the total byte length of the RR option, in this case 39, ptr is called a pointer field, it is a 1-based pointer, point to the location where the next IP address is stored. The minimum value is 4, pointing to the location where the first IP address is stored. As each IP address is saved to the list, the ptr value ranges from 8 to 12 to 36. When the nine IP addresses are recorded, the ptr value is 40, indicating that the list is full.

In addition to adding the RR option to the IP address header of the icmp echo packet sent by ping, you can also add the IP timestamp option, which is similar to the preceding format, only one additional field is used to describe the overflow field and flag field.

 

There is also the last ICMP query packet, that is, the router advertised/ECHO packet, which is used for IP routing. Routing is one of the most important functions of IP addresses. We have mentioned several steps to search the route table when selecting an IP Route (this is the routing mechanism ):

(1) Search for matched host addresses

(2) Search for matched network addresses

(3) Search for default table items.

Describes the simple process of IP layer processing:

The system changes the table items of the route table in three ways. One is the route command, the Administrator manually configures the route, and the other is the ICMP Redirect message, which is an ICMP error message that can only be generated by the router, the last one is the routing daemon. The routing daemon is an application. It sends ICMP router request packets and receives ICMP Router notification packets to learn the adjacent network conditions. The formats of ICMP router request packets and router notification packets are as follows:

In the vro announcement message, the address segment describes the total number of vro addresses in the message. The length of the address entry refers to the number of 32-bit vro addresses, which is always 2 in ipv4, the survival time field indicates the effective time (in seconds) of the advertised address ).

At the beginning, I kept thinking about the relationship between router request/notification packets and RIP? Later, I carefully read the introductions in the book several times. I guess, the router request/notification packet is the communication between the host and the router in the same subnet (while RIP is the communication between the router and the router). This communication process is completed by the routing daemon process at the application layer, "It only adds or deletes Default table items. The daemon must be configured as a router or host for use. "Because the operations on the router and the host are different, the router is responsible for sending the router notice and listening to the router requests from the host after it is started; after the host starts, it sends a router request and listens to the router announcements from the router.

 

3. Dynamic Routing Protocol

When the adjacent routers communicate with each other to inform each other of the network currently connected to each other, a dynamic route is selected. Vrouters must use the routing protocol to communicate with each other. There are many such protocols, such as RIP, OSPF, and the routing daemon processes run the routing protocol and communicate with neighboring vrouters. The routing daemon adds the routing policy to the system, selects the route, and adds it to the kernel routing table. If the daemon finds that there are multiple routes to the same sink, it selects the optimal route (in some way) and adds it to the kernel routing table. If the routing daemon finds that a link is disconnected, it can delete the affected route or add another route to bypass this problem.

In systems like the Internet, many different routing protocols are currently used. The Internet is organized in a group of autonomous systems. Each autonomous system is usually managed by a single entity. A company or university campus is often defined as an autonomous system. Each autonomous system can select the routing protocol between routers in the autonomous system. This protocol is called the Internal Gateway Protocol (IGP), and Common IGP includes RIP and OSPF. The communication protocol between vrouters of different Autonomous Systems is called the external Gateway Protocol (BGP ).

The book TCP/IP does not have a detailed description of the corresponding algorithms. I plan to go back to my undergraduate computer network and make a summary.

 

4. ICMP error message

The ICMP packet list lists multiple ICMP error messages. This book only introduces some of them.

The first is the ICMP unattainable packet. Its format is as follows:

For ICMP port non-reachable errors (Code 3), the system that receives the error message reads the error IP packet header from the ICMP packet content, so as to know how to explain the eight bytes (TCP or UDP?) after the packet header ?), By interpreting the next eight bytes (destination port number and source port number), you will know which application process (source port number) caused the error and which destination port is inaccessible.

We can see that each vro or host has a route table. Generally, there is a default option in the route table. When the next vro with the host or network number matching cannot be found, the default gateway is selected for the routing mechanism. The top-layer selection domain maintains the information of most Internet websites without using the default route. When the router receives an IP datagram but cannot forward it (no default route ), A copy of the "ICMP Host inaccessible" error message (Code: 1) is sent to the host that sends this IP Message.

The format of the ICMP "timeout" message is basically the same as that of the ICMP inaccessible message, except for the type value and code value. When a vro receives an IP datagram, if its TTL value field is 0 or 1, The vro does not forward the datagram (the target host that receives the datagram can send it to the application, because the host does not need to forward this datagram, but generally, the system should not receive a datagram with a TTL value of 0 ). The router discards the datagram and sends an ICMP timeout packet to the source machine.

ICMP timeout + ICMP port inaccessibility + TTL is the working principle of the traceroute program. The traceroute program sends an IP data packet whose TTL field is 1 to the target host. The first router that processes the data packet will subtract the TTL value from 1 and discard the data packet, return an ICMP timeout packet. The router address is obtained through the source address in the packet. Then, traceroute sends an IP data packet with a TTL of 2 to the target host, in this way, the second router will send back an ICMP timeout message ,...., until the message reaches the destination host and is received, how can we determine that the message has reached the destination host? Traceroute selects an impossible value as the destination port number (greater than 30000), making it impossible for any application on the destination host to use this port. In this way, when the destination host receives the message, A packet "ICMP port inaccessibility" is generated. When the ICMP packet received by traceroute is "Destination Port inaccessibility", you can determine that the entire traceroute process has been completed. Remember that in the "options" section of the IP header, you can also set "strict Origin Site Selection" and "loose Origin Site Selection" options, you can add this option to the IP datagram header sent by traceroute to plan the traceroute path.

The book also introduces ICMP redirection error messages. When an IP datagram is sent to another vro, the router that receives the datagram (the interface is the same as the incoming Interface) sends an ICMP redirect error message to the sender of the IP datagram, in the previous IP layer processing process, another source that can modify the route table is the ICMP redirection error message. Its format is as follows:

The ICMP redirection receiver must view three IP addresses: (1) the IP address that causes the redirection (that is, the IP address header of the erroneous datagram in the data of the ICMP redirection packet); (2) the router that sends the redirection packet (the source address of the IP datagram containing the redirection information); (3) the IP address of the router to be used (in the ICMP datagram text ).

There are many rules for ICMP redirection packets. First, the redirection packet can only be generated by the router. In addition, the redirection packet is used by the host rather than the router.

 

This time, we summarized a protocol used in the IP datagram, namely the ICMP protocol, including querying packets and error packets, and introduced some programs using these packets, including the principles of ping and traceroute. For dynamic routing, I think the related algorithms can be further summarized.